Working with Kerberized Hadoop

This page lists the steps required to setup a secured hadoop cluster using the Hortonworks HDP stack.

Install KDC

As a prerequisite you need to have a kerberos KDC up and running. You can refer to this page to setup a basic KDC server on RHEL and similar systems. kadmin server should also be enabled on the KDC for Hortonworks Ambari setup wizard to do admin operations on the KDC, else, all the service principals required and the corresponding keytabs have to be manually generated.

Install HDP hadoop stack

Follow the Hortonworks Ambari installation guide to setup Hortonworks hadoop stack on your nodes.

Enable kerberos on the hadoop stack

Start the kerberos config wizard from the top bar (Admin-->kerberos) in the Hortonworks Ambari cluster admin view. On the next screen you will be asked for the KDC details like hostname of the KDC, REALM name, hostname of the kadmin server, admin username and password. The kerberos configuration wizard of Hortonworks Ambari will now generate all the required principals and corresponding keytabs. The Hadoop stack will be restarted at the end. More details can be found on this page.

Install JCE policy files.

To use some encryption types in Kerberos you have to install the Java Cryptography Extension policy files. The files can be downloaded from here[Needs agreement to license] for java version 8. Install the policy files by extracting in $JAVA_HOME/jre/lib/security and $JAVA_HOME/lib/security.